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METHOD AND SYSTEM FOR PROVIDING A FILTER FOR A ROUTER 

Background Of The Invention 

Field of the Invention 

This invention generally relates to routers, and more specifically, to procedures for 
providing routers with filters. 

Prior Art 

Routers are used to direct data among and between subnetworks or devices of a network. 
Since a network can include tens of thousands of individually addressable devices, the 
operation of a router can be quite complex. 

In order to perform their complex operations, routers may be provided with filters, which 
are sets of rules that determine how the routers transmit data. For instance, when a 
router receives data, a filter may be used to determine the type or class of the data, or a 
filter may be employed to determine when, where and how to send the data. 

Occasionally, after a network has been designed and implemented and is in use, a filter 
may be written specifically for the network in order to address circumstances or 
situations comparatively specific to that network. Although the people writing such 
specific filters may be very knowledgeable about certain aspects of the operation and 
needs of the network, these people often have very limited expertise or experience in 
writing filters. Because of this, these specifically written filters may not be very 
effective, or may actually have adverse unintended consequences. 
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Summary Of The Invention 



An object of this invention is to improve procedures for providing filters for routers. 

5 Another object of the present invention is to provide a router with a better, substitute 
filter for a filter specifically written for the router. 

These and other objectives are attained with a method and system for providing a filter 
file for a router. A set of pre-written standardized filters are provided, and a program is 
10 run on a computer to identify one of these pre-written filters as a substitute for a non- 
standard filter that was written specifically for the router. That identified substitute filter 
is loaded onto the router and used instead of the filter that had been specifically written 

nil 

1 !f for the router. Preferably, the computer program is used to identify which one of the 

HE* 

pre-written standardized filters most closely matches, according to a predefined test, the 

y 

1 5 filter written specifically for the router. 



Further benefits and advantages of the invention will become apparent from a 
consideration of the following detailed description, given with reference to the 
accompanying drawings, which specify and show preferred embodiments of the 
20 invention. 



Brief Description Of The Drawings 
Figure 1 shows a network having a router and a group of subnetworks. 
Figure 2 is a flow chart illustrating a preferred implementation of this invention. 
Figure 3 show a computer system that may be used in the practice of the invention. 
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Figure 4 illustrates a memory medium that can be used to hold a computer program for 
carrying out this invention. 

Detailed Description Of The Preferred Embodiments 

Fig. 1 shows a network 10 which, for illustrative purposes, includes a first, second and 
third subnetworks (hereinafter referred to as subnets) SI, S2 and S3. The subnets SI, S2 
and S3 can have the same topologies or they can have different topologies. The 
topologies include, but are not limited to, Token ring, Ethernet, X.25 and FDDI. 
Devices 12, 13, 14, 15, 16 and 18 are connected to the first subnet SI; devices 20, 22, 
23, 24, 25, 26 and 28 are connected to the second subnet S2; and devices 30, 32, 33, 34, 
35, 36, and 37 are connected to the third subnet S3. A router 38 interconnects the first, 
second and third subnets SI, S2 and S3. 

The devices or hosts 12-37 can be workstations, personal computers, hubs, printers, 
network adapters, multiplexers, etc. It should be noted that for the purposes of this 
document, the terms "hosts" and "devices" are used interchangeably. The network 10 is 
scalable, which allows computing resources to be added as needed. Although only a 
small number of devices 12-38 are shown, the network 10 can encompass many 
addressable devices, for instance, up to tens of thousands of addressable devices. 

Each device 12-38 has a physical address and a unique Internet protocol (IP) address. 
For example, TCP/IP may be used as the protocols that regulate how data are packeted 
into IP packets and transported between the devices 12-38. Network 10 may also 
include a network manager 40 that is connected to the first subnet SI, and any suitable 
management protocol may be used in the operation of the network. 

Router 38 is provided with one or more filters to help secure data around the network. 
Each filter is a set of rules that determine how the router will transmit data. As 
mentioned above, a filter will be written after a network is implemented in order to 
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address specific circumstances of the network operation. Often, these specific filters are 
written by individuals who are not experts at writing filters. As a result, although the 
intended purposes of the filters may be highly desirable, the filters themselves may not 
be effective or may have adverse unintended consequences. 

Generally, in accordance with the present invention, a set of pre- written filter are 
provided, and a program is run on a computer to identify one of these pre-written filters 
as a substitute for the filter that was written specifically for the router. That identified 
substitute filter is loaded onto the router, and used instead of the filter that had been 
specifically written for the router. Preferably, the computer program is used to identify 
which one of the pre-written filters of the pre-written filter files most closely matches, 
according to a predefined test, the filter written specifically for the router. 

Figure 2 illustrates a preferred routine 50 for identifying one or more substitute filters for 
specifically written filter or filters. In this routine, step 52 represents providing a router 
filter file written specifically for the router, and step 54 represents providing a set of pre- 
written router filters in a file. Step 56 represents running the computer program. 

At steps 60 and 62, data structures are created for the pre-written filter and for the 
specifically written filters. As represented by step 64, the specifically written filters are 
matched with the pre-written filters. When a match for a specifically written filter is 
found, the routine, as represented by step 66, creates a data structures for the matched 
pre-written filter; and when no match is found for a specifically written filter, the 
routine, as represented by step 70, creates a data structure entry with the specific filter. 
Steps 64, 66 and 70 are repeated until searches have been performed to find matches ro 
all the specifically written filters. Then, at step 72, a new specific filter file is written, 
and at step 74, the pre-written filter file and the new specific filter file are loaded onto 
the router. 
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Any suitable set of pre- written filters may be used in the practice of this invention. For 
example, standard commercially available filters may be used, or non-standard filters 
may be used. 

Likewise, any suitable criteria and procedures may be employed to identify the 
appropriate substitute filter for the specifically written filter. These criteria and 
procedures may be identified in advance, or may be determined at the time the program 
is run to identify the substitute filter. Also, the criteria and procedures may be provided 
by the individuals or entities who provide the pre-written filters, or by the individuals or 
entity who wrote the specifically written filter. 

As will be understood by those skilled in the art, any suitable computing or calculating 
system or apparatus may be used to practice this invention. For example, a suitable 
computer system illustrated at 80 in Figure 3 may be used. System 80, generally, 
comprises a series of CPUs, a cache subsystem 84, and a random access memory 
(RAM) 86. Also, as will be understood by those skilled in the art, the present invention 
may be embodied in a computer program storage device (including software embodied 
in a magnetic, electrical, optical or other storage device). One suitable storage medium 
is illustrated, for example, at 90 in Figure 4. 

While it is apparent that the invention herein disclosed is well calculated to fulfill the 
objects stated above, it will be appreciated that numerous modifications and 
embodiments may be devised by those skilled in the art, and it is intended that the 
appended claims cover all such modifications and embodiments as fall within the true 
spirit and scope of the present invention. 
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